
Issue Rigid firewall configuration.

EdgarEstrada

New Pleskian
Server operating system version: CentOS 7
Plesk version and microupdate number: 18.0.66
Hello
My Plesk Obsidian (CentOS) server has two IP addresses (on the same network card) to serve some sites on one IP and an e-commerce site on another IP.

The e-commerce site requires ports 80 and 443, while the other IP requires 21, 25, 80, 110, and others.

It seems I can't do this using the Plesk GUI, and I can't manually change iptables rules because they get lost at the next reboot.

Any suggestions?
 
There is no straightforward method for doing this, but as a workaround you could create a script which adds custom rules to iptables. Then in Plesk you can use the Event Manager to set up an event which calls your script every time any rules on the Plesk firewall get updated (Firewall rules activated). That way your custom iptables rules get re-added automatically every time the Plesk firewall rules get updated.
 
Hello. I did as you suggested; however, the first IP is still replying on the other ports despite the shell script.

Here is a copy of my script; hopefully you can see where the error might be.

#!/bin/bash
set -e

([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
(rmmod ipchains) >/dev/null 2>&1 || true

apply_rule()
{
    local iptables_bin="$1"
    shift

    local iptables_version
    iptables_version="$("$iptables_bin" --version | awk '{print $2}' | awk -F. '{printf "%d%02d\n", $2, $3}')"

    # Use the native --wait option since v1.4.20
    if [ "$iptables_version" -gt 420 ]; then
        "$iptables_bin" -w "$@" 2>/dev/null
        return $?
    fi

    # Emulate --wait for older versions
    for i in $(seq 10); do
        "$iptables_bin" "$@" 2>&1 | grep -q xtable || return 0
        sleep 1
    done

    return 1
}

# accept 80 and 443

apply_rule /usr/sbin/iptables -A INPUT -d 148.72.71.34 -p tcp --dport 80 -j ACCEPT
apply_rule /usr/sbin/iptables -A INPUT -d 148.72.71.34 -p tcp --dport 443 -j ACCEPT

# block all else

apply_rule /usr/sbin/iptables -A INPUT -d 148.72.71.34 -j DROP


# End
 
I am no expert on iptables rules, so I am not sure. Do the rules show up in iptables when you list all rules?
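The listing asked about above also shows rule order, which matters here: iptables walks a chain top to bottom and stops at the first rule that accepts or drops the packet, and `-A` appends to the end of the chain. The following is an added example, not code from the thread or from Plesk; the function name `first_verdict`, its simplified matcher, the stand-in address 203.0.113.10 and both sample listings are constructed assumptions.

```shell
#!/bin/bash
# Added example: report which INPUT rule decides a NEW TCP connection to IP:PORT.
# Reads text in `iptables -S INPUT` format. Simplified matcher (assumption): it
# understands only -d, -p, --dport, -j and skips rules using -i, -s, ! or state.

first_verdict() {   # usage: first_verdict RULES_TEXT DEST_IP PORT
    printf '%s\n' "$1" | awk -v ip="$2" -v port="$3" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            n++; d = ""; p = ""; dport = ""; target = ""; skip = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-d")      { d = $(i+1); sub(/\/32$/, "", d) }
                if ($i == "-p")      p = $(i+1)
                if ($i == "--dport") dport = $(i+1)
                if ($i == "-j")      target = $(i+1)
                if ($i == "-i" || $i == "-s" || $i == "!" || $i ~ /state$/) skip = 1
            }
            if (skip || target == "")         next
            if (d != "" && d != ip)           next
            if (p != "" && p != "tcp")        next
            if (dport != "" && dport != port) next
            print n, target; found = 1; exit   # rule number as in --line-numbers
        }
        END { if (!found) print "policy", policy }'
}

IP=203.0.113.10   # constructed stand-in for the address that should serve only 80/443

# Constructed listing: per-IP rules appended (-A) after broader ACCEPT rules.
APPENDED="-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d $IP/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d $IP/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -d $IP/32 -j DROP"

# Constructed listing: the same per-IP rules placed ahead of the broader ones.
ORDERED="-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d $IP/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d $IP/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -d $IP/32 -j DROP
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT"

echo "appended, port 21: $(first_verdict "$APPENDED" "$IP" 21)"
echo "ordered,  port 21: $(first_verdict "$ORDERED" "$IP" 21)"
```

On the server, the same function can be fed the live chain with `first_verdict "$(iptables -S INPUT)" <ip> <port>`; a result that names a rule above the per-IP entries means those entries are never reached for that port.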
 